Main Vulnerability Database Vulnerabilities #VU40442

Input validation error in WebSphere Portal - CVE-2015-7428

Published: February 29, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40442

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-7428

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: IBM Corporation

Affected software:
WebSphere Portal

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

Open redirect vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted URL. <a href="http://cwe.mitre.org/data/definitions/601.html">CWE-601: URL Redirection to Untrusted Site ('Open Redirect')</a> <br /> <br /> Appropriate Vendor Advisory Link: <a href="http://www-01.ibm.com/support/docview.wss?uid=swg21976358">HERE</a>

How to mitigate CVE-2015-7428

Install update from vendor's website.

Input validation error in WebSphere Portal - CVE-2015-7428

Detailed vulnerability description

How to mitigate CVE-2015-7428

Sources

Please verify you're human